Display results as :

Rechercher Advanced Search

Latest topics
» Tuyệt Kỹ Đong Giai Chân Kinh (tuyệt Kỹ cua trai)
Thu Aug 23, 2012 5:38 am by Admin

» Tuyệt kỹ cua giai
Thu Aug 23, 2012 5:36 am by Admin

» NETCAT.........
Mon Aug 13, 2012 6:35 am by Admin

» Bảo mật CSDL bằng phương pháp mã hóa.
Tue Apr 17, 2012 10:04 pm by Admin

» Hàm mã hóa MD5 bằng JavaScript
Tue Apr 17, 2012 10:03 pm by Admin

» Giá của món quà
Fri Apr 13, 2012 6:01 am by Admin

» Sẽ chỉ yêu ai?
Fri Apr 13, 2012 6:01 am by Admin

» Cách đọc bảng chữ cái!
Thu Apr 12, 2012 10:37 pm by Admin

» Gắn trojan, keylog, virus vào website, forum
Tue Apr 10, 2012 1:14 am by Admin


free forum

Javascript Injection Attacking method

Go down

Javascript Injection Attacking method

Post  Admin on Thu Oct 21, 2010 7:23 pm

Interested in javascript injection? Good! It's one of the most fun exploits out there. A couple things you can do with it (depending on how well the admin secured the site) is to set countdowns to 0 (for downloads and stuff), change gender to 'Alien' or whatever you want (on your profile), and other fun stuff.

I'm not going to go in to very much detail with this because last time I did that I accidently deleted my article and I don't feel like doing it all over again. Let's look at a basic input and learn what we can do to change it:

<form name"buy" method="POST" action="">
<input type="hidden" name="item" value="book">
<input type="hidden" name="price" value="20.00">

<form name="buy" method="POST" action="">
<input type="hidden" name="item" value="laptop">
<input type="hidden" name="price" value="999.99">

Okay, let's say this is a shopping form. I have actually seen something very similar to this, only you got hosting with it. So, you probably know that computer arrays start at 0. You usually enter javascript injection to the url bar, so let's look at how to set the price of the laptop to $0.00!


Now, the javascript: part means we are entering javascript (obviously), the void function means we are changing something. We then type document. to say it's on this page, or we are editing something on this page. Then, when we get to the forms
part, we are choosing which form to edit. Since we said forms[1], we are editing the second one. We then select by name which input we want to change and put the name there (we are using price.) then we are going to set the value of it (since that's where the price is). So we say value="0.00" to set it to $0.00.

Isn't that lovely? You can also edit cookies like this:


Tổng số bài gửi : 782
Join date : 2009-08-15

View user profile

Back to top Go down

Back to top

Permissions in this forum:
You cannot reply to topics in this forum